ZeroFox Master Customer Agreement

Effective November 23, 2022 (view archived version)

If you are an individual purchasing a ZeroFox for Everyone subscription, the terms governing your subscription are available here.

This ZeroFox for Business Master Customer Agreement (this “Agreement”) is between ZeroFox, Inc., a Delaware (USA) corporation (“ZeroFox”), and the business asset or organization that you represent (“Customer”).

You represent and warrant that you are at least 18 years of age and that you have the right, power, and authority to enter into this Agreement on behalf of Customer. This Agreement becomes binding and effective on Customer upon the earliest of: (1) when you access or use the Services, (2) when you click the “I agree” (or similar) button or check box referencing this Agreement, (3) when you execute an Order with ZeroFox, or (4) when you execute a contract or order with a ZeroFox-authorized reseller (“Reseller”) incorporating this Agreement.

Capitalized terms not otherwise defined in the text of this Agreement will have the meanings assigned to them in Exhibit A (Definitions).

1. Use of Platform

This Agreement sets forth the terms pursuant to which Customer (and, subject to Section 4, its Customer’s Affiliates) may purchase, and ZeroFox will provide to Customer, a right to access and use on a subscription basis ZeroFox’s proprietary cloud-based software-as-a service security solution hosted on one or more websites designated by ZeroFox (the “Platform).  Subject to Customer’s payment of all applicable fees, ZeroFox grants Customer a limited, non-transferable, and non-exclusive right to access and use the Platform.  Such use is subject to Service Parameters set forth in the Order which may include pricing tiers and other usage-based options you purchase, and you may only use the Platform during the Subscription Term (collectively, the “Platform Subscription”).  Subject to Section 4 below, the Platform may be used only by Customer’s employees or contractors who are acting on Customer’s behalf in the internal operation of Customer’s business.

2. Platform Support

ZeroFox will provide Customer with OnWatch™ technical support regarding use of the Platform at the plan level purchased by Customer in the applicable Order (“Technical Support”). Customer agrees to provide ZeroFox with reasonable information and assistance to facilitate the provision of Technical Support. Additional support terms can be found at https://www.zerofox.com/terms-and-transparency/zerofox-for-business-services-addendum/ or its successor site and are incorporated by reference. These terms may be amended by ZeroFox in its sole discretion, however, ZeroFox hereby agrees that any such modification will not materially alter the nature of ZeroFox’s Technical Support commitments.

3. Professional Services

You may also separately purchase Professional Services as part of your use of the Platform or on a stand-alone basis. The Professional Services may be subject to additional terms and conditions to be set forth in a separately executed statement of work (“SOW”), if applicable.  ZeroFOX will be under no obligation to perform Professional Services until an Order or SOW in relation thereto, as applicable, has been accepted by ZeroFox. If the Professional Services involve the delivery of any work product, developments, inventions, technology, or materials (collectively, “Deliverables) except to the extent that such Deliverables include Customer-owned intellectual property, ZeroFox retains ownership of all Deliverables, including all Intellectual Property Rights therein

4. Affiliates

Subject to ZeroFox’s reasonable acceptance (not to be unreasonably withheld, conditioned, or delayed), Customer’s Affiliates may place an Order or SOW under this Agreement.  Each such Order and SOW, as applicable, will be a separate agreement between ZeroFox and each Customer Affiliate that signs an Order and/or SOW.  In each case Customer and Customer’s Affiliate will be jointly liable for compliance with the Order/SOW and this Agreement.  In each case where Customer’s Affiliate has not entered into an Order or SOW directly with ZeroFox, Customer acknowledges and agrees that it is liable for the acts and omissions of its Affiliates.

5. Authorized Partner Transaction

Customer may purchase a Platform Subscription or obtain Professional Services pursuant to an Order or SOW submitted to ZeroFox by an Authorized Partner on Customer’s behalf. If Customer has purchased a Platform Subscription or Professional Services through an Authorized Partner, then (a) the payment obligations related thereto will be between Customer and the Authorized Partner and not ZeroFox, and (b) Customer will have no direct payment obligations to ZeroFox and Sections 18 and 19 of this Agreement will not be applicable with respect to such Order(s) or SOW(s); provided, however, that ZeroFox may terminate this Agreement (and all Orders and SOWs) if Customer breaches any of its payment obligations to Authorized Partner relating to this Agreement. Any terms agreed to between Customer and the Authorized Partner that are in addition to or inconsistent with this Agreement are solely between Customer and the Authorized Partner. No agreement between Customer and an Authorized Partner is binding on ZeroFox, nor will it have any force or effect with respect to the use of the Platform or ZeroFox’s provision of Professional Services.

6. Customer Content

As between the Parties, Customer owns all right, title, and interest in and to Customer Content, including all associated Intellectual Property Rights. Customer, on behalf of itself and its Affiliates and Authorized Users, hereby grants to ZeroFox a non-exclusive, royalty-free, right and license during the Order Term to use, reproduce, transmit, perform, display and store Customer Content solely for ZeroFox (and subject to Section 35, its Ordinary Course Providers and Affiliates) to fulfill ZeroFox’s obligations hereunder to provide the Platform Subscription and Professional Services.  In performing its obligations hereunder, ZeroFox will employ appropriate security measures throughout the Order Term, taking into account the nature of the information, data and content processed, in accordance with applicable industry practice to protect Customer Content from accidental loss and from unauthorized access, use, alteration or disclosure. Without limiting the foregoing, ZeroFox will comply with all Applicable Laws including, but not limited to, those with respect to its use of Customer Content comprising Personal Information.

7. ZeroFox Content

As part of your use of the Platform and/or obtaining Professional Services, you will be provided with, or given access to, proprietary content and data that is created ZeroFox or generated by the Platform which includes information such as suspicious URLs and domains, lists of malware, information about phishing campaigns, indicators of compromise, data feeds, botnet information and other proprietary threat intelligence (collectively, “ZeroFox Content”).  ZeroFox grants you a limited, non-exclusive, and non-transferable right during the Order Term to access and use the ZeroFox Content for your internal business purposes solely as part of your use of the Platform and receipt of Professional Services.

8. Source Platforms

The Platform Subscription and Professional Services support access to Source Content and may support integrations or connections with Source Platforms and to other third-party (or Customer) apps, sites, platforms, or material (collectively, but exclusive of any Customer Content therein, “Outside Material”). Customer acknowledges that ZeroFox does not endorse, is not responsible, and/or liable for the behavior, features, or content of any Outside Material. Outside Material may be subject to Intellectual Property, privacy, or publicity rights. Customer acknowledges that, while providing the Professional Services or accessing the Platform, ZeroFox may collect content that may be defamatory, obscene, abusive, contain Malicious Code, and/or otherwise be objectionable. ZeroFox does not warrant continuing compatibility and has no support obligations with respect to Source Platforms or Outside Material.  To the extent Customer uses or visits a Source Platform or other Outside Material, it does so at its own risk and such visits and use is governed by the privacy notices, terms of use, policies and licenses of the Source Platform and other Outside Material (collectively, “Outside ToS”). Any changes to Source Platforms or other Outside Material, including their availability or unavailability, during the Order Term (“Outside Changes”) do not affect, modify, or otherwise amend Customer’s obligations under this Agreement.

9. Takedown Request

If Takedown Requests are requested by Customer, ZeroFox or its Affiliate, will initiate Takedown Requests with the applicable Source Platform. In such case, Customer grants to ZeroFox and its Affiliates for the Order Term a limited, revocable appointment to submit Takedown Requests on behalf of Customer (and any Customer Affiliate and Authorized Users) and agrees to provide written authorizations upon ZeroFox’s reasonable request that ZeroFox or its Affiliate can share with the third-party provider(s) to confirm ZeroFox’s or its Affiliate’s authority to submit such Takedown Requests.  Customer acknowledges and agrees that ZeroFox does not and cannot control the processing of Takedown Requests by Source Platforms or other third-party providers. The Source Platform ultimately determines whether to process a Takedown Request in its sole discretion, thus ZeroFox does not guarantee success of any Takedown Request or provide legal advice with respect to whether a Source Platform will agree to process a Takedown Request.

10. Documentation

ZeroFox grants to you a limited, non-exclusive, non-transferable, and non-sublicensable right during the Subscription Term to reproduce copies of all then-current Documentation, solely to exercise the rights granted in this Agreement. No right is otherwise granted to distribute, publish, modify, adapt, translate, or create derivative works of the Documentation. You shall accurately reproduce all proprietary notices, including any copyright notices, trademark notices and confidentiality notices that are contained within any copies of the Documentation.

11. Evaluation Use

If ZeroFox grants you a right to use any part of the Platform on a trial, evaluation, beta, proof-of-concept, or other free-of-charge basis (“Evaluation Use”), then you may only use the Platform on a temporary basis for the period of time limited by ZeroFox as specified in the applicable Order. If there is no period identified by ZeroFox, such use is limited to ten (10) days. If you do not cease your Evaluation Use by the end of the trial period, ZeroFox will invoice you for the then-current list price for use of the Platform, and you agree to pay such invoice.  ZeroFox, in its sole discretion, may stop providing the Evaluation Use at any time, at which point you will no longer have access to any related data, information, and files and must immediately cease using the Platform. You acknowledge that during an Evaluation Use, the Platform (or portion thereof) may not have been subject to ZeroFox’s usual testing and quality assurance processes and may contain bugs, errors, or other issues. Except where agreed to in writing by ZeroFox, your Evaluation Use will be implemented in special cloud-based instance specifically for evaluation purposes. The Evaluation Use is provided “AS-IS” without technical support or any express or implied warranty or indemnity for any problems or issues, and ZeroFox will not have any liability relating to your Evaluation Use.

12. Customer Responsibilities

You are responsible for procuring and operating all computer networks, software, and telecommunications services required to meet the minimum technical specifications necessary to access the Platform. Customer will: (a) be responsible for Authorized Users’ compliance with this Agreement, Documentation, and applicable Orders and SOWs; (b) be responsible for the accuracy, quality and legality of Customer Content provided to ZeroFox; (c) be responsible for providing all notices to, and obtaining all consents and authorizations from, its employees, agents and contractors (“Personnel”) required under Applicable Law; (d) use the Platform only in accordance with this Agreement, applicable Documentation, Order, and Applicable Laws; (e) reasonably ensuring Customer Content includes no more Sensitive Information than is necessary; (f) use commercially reasonable efforts to prevent unauthorized access or use of the Platform; and (g) shall contact ZeroFox promptly if any logins are lost, stolen or compromised or Customer reasonably believes the Platform has been compromised.

13. Customer Restrictions

Customer shall not, directly or indirectly:  (a) enable any person or entity other than Authorized Users to access and use the Platform; (b) sell, resell, license, sublicense, rent, lease or distribute any ZeroFox Content or any derivative work thereof; (c) “frame” or “mirror” the Platform or any ZeroFox Content contained therein for the benefit of any third-party; (d) reverse engineer, disassemble or decompile all or any portion of, or attempt to discover or recreate the source code for, any software that is part of the Platform (except to the extent such restriction is limited under Applicable Law); (e) access or use the Platform, ZeroFox Content, or Documentation or Deliverables for purposes of competitive analysis or the development, provision or use of competing products or services; (f) remove, obscure or alter any proprietary notice related to the Platform or Professional Services; (g) use the Platform to send or store Malicious Code; or (h) use or permit others to use the Platform or Professional Services other than as described in this Agreement, or for any unlawful purpose.

In addition, you will not intentionally: (aa) interfere with other customers’ access to, or use of, the Platform; (bb) facilitate the attack or disruption of the Platform, including a denial of service attack, unauthorized access, penetration testing; (cc) intentionally cause an unusual spike or increase in your use of the Platform that negatively impacts the Platform’s operation; or (dd) submit any information to the Platform that is not contemplated in the applicable Documentation.

14. Investigation and Suspension

ZeroFox may, but has no obligation to, investigate potential violations regarding use of the Platform, and to monitor, restrict and remove any Customer Content, Outside Material or suspend services for as long as necessary to address the potential violation and ensure compliance with this Agreement. Except in urgent or emergency situations, ZeroFox will notify Customer of any such suspension in advance, and work with Customer in good faith to resolve the potential violation. When legally required, ZeroFox may report any activity that ZeroFox reasonably believes violates any law or regulation to law enforcement, regulators, or other appropriate parties, and may also cooperate with any investigation by such parties.

15. Platform Maintenance

ZeroFox may enhance or refine the Platform from time to time, but when it does ZeroFox will not materially reduce the core functionality of the Platform. Such changes may be required to comply with law or Outside ToS. ZeroFox will also perform scheduled maintenance on the infrastructure of the Platform, during which time you may experience some disruption to the Platform. ZeroFox will provide you advance notice of such maintenance periods via the Platform; however, you acknowledge that ZeroFox may need to perform emergency maintenance without providing you advance notice, during which time ZeroFox may temporarily suspend your access to, and use of, the Platform.

16. Feedback and Analytics

If you provide ZeroFox with any suggestions, requested improvements or feedback regarding the Platform or Professional Services (collectively, “Feedback”), ZeroFox may use the Feedback for any purpose without acknowledgement or compensation; provided, however, Customer will not be identified publicly as the source of the Feedback. ZeroFox may also use information related to Customer’s use of the Platform (“Analytics”) to provide, evaluate, improve, and promote ZeroFox’s products and services, including to provide Authorized Users and other customers with insights and other reporting. Except where Analytics are used directly for Customer, ZeroFox shall de-identify Analytics with respect to any Personal Information and shall in no event attribute any Analytics to Customer (or any Authorized User) without Customer’s prior written consent.

17. ZeroFox Proprietary Rights

Exclusive of any Customer Content or Customer Confidential Information, ZeroFox is the sole and exclusive owner of all right, title and interest in and to the Platform (and underlying software), Documentation, Feedback, and all associated Intellectual Property Rights therein, as well as any and all know-how, processes, methods, specifications, inventions, user interfaces, libraries and other technology and materials of any kind that are used or provided by ZeroFox to Customer or an Authorized User in connection with the use of the Platform and provision of Professional Services. No title to or ownership of any associated Intellectual Property Rights is transferred under this Agreement to Customer and ZeroFox reserves all rights not otherwise expressly granted in this Agreement.

18. Payments

Customer shall pay to ZeroFox the amounts specified in each Order and SOW, as applicable, in accordance with its terms and this Agreement.  Unless otherwise specified in the Order or an SOW, all amounts must be paid in U.S. dollars within thirty (30) days of receipt of each ZeroFox invoice.  All amounts are non-refundable unless: (a) an Order or SOW is terminated early by Customer pursuant to Section 29; (b) this Agreement and all Orders and SOWs are terminated early by Customer pursuant to Section 29 ; or (c) this Agreement or any Orders and SOWs are terminated early by ZeroFox pursuant to Sections 24 or 29 , in which case (i) Customer shall not be obligated to pay any additional amounts specified in the applicable Orders and SOWs following the effective date of termination, and (ii) ZeroFox will refund to Customer a pro rata share of any unused amounts prepaid by Customer under the applicable Order on the basis of the remaining portion of the current Order Term (a “Pro-Rated Refund”). In all other cases, and regardless of whether Customer uses the Platform or Professional Services reflected in the Orders, SOWs or otherwise, Customer is responsible for paying all amounts specified in all applicable invoices through expiration of the applicable Order Terms.

19. Taxes

All fees and amounts set forth in the Orders and SOWs are exclusive of taxes, levies, duties, or charges owed under Applicable Law (collectively, “Taxes”). Customer shall be responsible for paying all sales, service, value-added, use, excise, consumption, and any other Taxes on amounts payable by Customer under the Orders, SOWs, and this Agreement (other than any Taxes on ZeroFox’s income, revenues, gross receipts, personnel, or assets). If Customer is required to deduct or withhold any Taxes under Applicable Law, Customer must pay the amount deducted or withheld as required by Applicable Law and pay ZeroFox an additional amount so that ZeroFox receives payment in full of amounts due under this Agreement as if there were no deduction or withholding.

20. Renewals

Unless either Party gives the other Party written notice of its intention not to renew an Order regarding a Platform Subscription at least thirty (30) days prior to the Order’s then current expiration date, the Order with respect to such Platform Subscription will automatically renew for a Subscription Term of the same duration as the expiring Order Term (each, a “Renewal Order Term”). The Parties agree that ZeroFox may increase its applicable prices by up to 7% for a Renewal Order Term.

21. Confidential Information

As used in this Agreement, “Confidential Information” means any information disclosed by one Party, its Affiliates, or their respective employees, agents, or contractors (the “Discloser”) that is designated as confidential, either orally or in writing, or that, given the nature of the information or circumstances surrounding its disclosure, reasonably should be understood to be confidential. Confidential Information includes without limitation: (a) information relating to the Discloser’s or its Affiliates’ technology, customers, business plans, promotional and marketing activities, finances, and other business affairs; (b) third-party information that the Discloser is obligated to keep confidential; (c) Customer Content; and (d) the terms of this Agreement. Confidential Information does not include any information that: (i) was known to the Party that receives any Confidential Information (the “Recipient”) prior to receiving the same from the Discloser in connection with this Agreement; (ii) is independently developed by the Recipient without reference to or use of the Discloser’s Confidential Information; (iii) is acquired by the Recipient from another source without restriction as to use or disclosure; or (iv) is or becomes publicly available through no fault or action of the Recipient.

22. Confidentiality and Non-Disclosure

Each Party reserves any and all right, title, and interest, including any Intellectual Property Rights, that it may have in or to its Confidential Information that it may disclose to the other Party under this Agreement. The Recipient shall protect Confidential Information of the Discloser against any unauthorized use or disclosure to the same extent that the Recipient protects its own Confidential Information of a similar nature against unauthorized use or disclosure, but in no event shall use less than a reasonable standard of care to protect such Confidential Information. The Recipient shall use any Confidential Information of the Discloser solely for the purposes for which it is provided by the Discloser. This Section will not be interpreted or construed to prohibit: (a) any use or disclosure which is necessary or appropriate in connection with the Recipient’s performance of its obligations or exercise of its rights under this Agreement; (b) any use or disclosure required by Applicable Law, provided that the Recipient uses reasonable efforts to give the Discloser reasonable advance notice thereof to afford the Discloser an opportunity to intervene and seek an order or other appropriate relief for the protection of its Confidential Information; or (c) any use or disclosure made with the consent of the Discloser. In the event of any breach or threatened breach by the Recipient of its obligations under this Section, the Discloser will be entitled to seek injunctive and other equitable relief to enforce such obligations.

23. Mutual Warranties

Each Party represents and warrants that: (a) it has the legal authority to enter into this Agreement, to grant the rights granted by it under this Agreement and to perform its obligations under this Agreement; and (b) the execution of this Agreement by its representative whose signature is set forth at the end of this Agreement has been duly authorized by the Party.

24. Platform Warranty

ZeroFox warrants to Customer that, during the Subscription Term: (a) the Platform will perform and provide functionality substantially in accordance with the Documentation, and (b) any changes to the Platform pursuant to Section 15 or otherwise will not materially decrease the functionality of the Platform existing as of the effective date of the applicable Order. ZeroFox’s sole liability, and Customer’s sole and exclusive remedy, for any breach of the warranties under this Section 24 will be, in ZeroFox’s sole discretion and at no charge to Customer: (i) to use commercially reasonable efforts to correct the alleged defect or otherwise repair, replace or provide a workaround for the non-conformity, or if ZeroFox is unable to do so, (ii) to allow Customer to terminate the applicable Order(s), in which case ZeroFox will issue a Pro-Rated Refund. The warranties under this Section 24 do not extend to the following (collectively, “Warranty Exceptions”): Outside Changes, Force Majeure Events (as discussed in Section 37), or any use of the Platform other than in accordance with this Agreement and the applicable Documentation, Outside ToS and Order.

25. Support and Professional Services Warranty

ZeroFox warrants to Customer that ZeroFox will perform all Technical Support and Professional Services in a professional and workmanlike manner in accordance with generally recognized industry standards for similar services. ZeroFox’s sole liability, and Customer’s sole and exclusive remedy, for any breach of the warranties under this Section 25 will be, in ZeroFox’s sole discretion, and at no charge to Customer, to re-perform the non-conforming Technical Support or Professional Services, as applicable, provided Customer notifies ZeroFox in writing of any alleged non-conformity within twenty (20) days of delivery of the Technical Support or Professional Services, as applicable.

26. General Disclaimers

EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT, NEITHER PARTY MAKES ANY WARRANTY OR GUARANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL WARRANTIES, WHETHER IMPLIED, EXPRESS, OR STATUTORY, INCLUDING ANY IMPLIED WARRANTY OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEAILING, USAGE OR TRADE PRACTICE, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.

27. Service Disclaimers

EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN SECTION 24 AND 25, PLATOFORM USE, TECHNICAL SUPPORT AND PROFESSIONAL SERVICES ARE PROVIDED “AS IS.”  ZEROFOX MAKES NO WARRANTY OF ANY KIND THAT THE PLATFORM, ANY TECHNICAL SUPPORT OR PROFESSIONAL SERVICES, DOCUMENTATION, OR RESULTS OF THE USE THEREOF, WILL: (a) MEET CUSTOMER’S OR ANY OTHER PERSON’S REQUIREMENTS; (b) OPERATE WITHOUT INTERRUPTION; (c) ACHIEVE ANY INTENDED RESULT, (d) BE COMPATIBLE, WORK WITH OR CONTINUE TO WORK WITH OUTSIDE MATERIAL; OR (e) BE ERROR FREE. ZEROFOX ASSUMES NO LIABILITY OR RESPONSIBILITY FOR PERSONAL INJURY OR PROPERTY DAMAGE RESULTING FROM USE OF THE PROFESSIONAL SERVICES.

28. Term; Survival

Unless terminated early in accordance with Section 24 or 29, the term of this Agreement will continue through the expiration or earlier termination of the last Order or SOW then in effect.  The provisions set forth in the following Sections, and any other right or obligation of the Parties in this Agreement that, by its nature, should survive termination or expiration of this Agreement, will survive any expiration or termination of this Agreement: 13, 16, 17, 21, 22, 26, 27, 31, 34, and 43.

29. Early Termination

ZeroFox may terminate any Order, SOW, or suspend performance and Platform access upon written notice to Customer if Customer fails to pay any amount due under the Order or SOW, and such failure continues more than ten (10) days after ZeroFox’s delivery of written notice.  In addition, either Party may terminate this Agreement and all Orders and SOWs, effective on written notice to the other Party, if the other Party materially breaches this Agreement, and such breach (if capable of cure) remains uncured thirty (30) days after the non-breaching Party provides the breaching Party with written notice of such breach.

30. Effect of Termination

Upon expiration or earlier termination of an Order or SOW:  (a) subject to Section 31, all rights granted to Customer under such Order or SOW, as applicable, will terminate effective as of the effective date of termination; (b) subject to Section 31, ZeroFox will have no obligation to provide services or Platform access to Customer or Authorized Users after the effective date of the termination; and (c) Customer will pay to ZeroFox any amounts payable for Customer’s and any Authorized User’s use of the Platform or receipt of Professional Services through the effective date of the termination, together with all other amounts in accordance with the Order, SOW and Section 18.

31. Post-Order Termination Data Export and Deletion

Following Customer’s request made no later than ten (10) days from the effective date of termination of Customer’s use of the Platform, ZeroFox will make available to Customer an export in CSV or other mutually agreed file format of Source Content collected through Customer’s use of the Platform and Customer Content that, in each case, was accessible to Authorized Users through the Platform Subscription immediately prior to termination (“Accessible Data”). Following such 10-day period, ZeroFox shall have the right to delete all Accessible Data from the Platform and otherwise in accordance with ZeroFox’s deletion policies and procedures and Customer expressly consents to such deletion

32. Indemnification by ZeroFox

Subject to Section 33 , ZeroFox agrees to defend, indemnify and hold harmless Customer, its Affiliates who have placed an Order or SOW hereunder and their Personnel (collectively, “Customer Indemnitees”), from and against any and all claims, damages, obligations, losses, liabilities, costs and expenses (including without limitation reasonable attorneys’ fees) (collectively, “Losses”) arising out of or related to any claim, suit, action or proceeding (each, “Action”) initiated by a third party alleging that use of the Platform in accordance with this Agreement and the Documentation, infringes or misappropriates such third party’s Intellectual Property Rights (each, a “Customer Infringement Claim”). If use of the Platform becomes, or in ZeroFox’s reasonable opinion is likely to become, the subject of a Customer Infringement Claim, then ZeroFox may in its discretion and at its own expense: (a) obtain for Customer the right to continue using the Platform; (b) modify the Platform so that it no longer infringes or misappropriates; or (c) terminate this Agreement and all Orders related to use of the Platform and issue a Pro-Rated Refund. ZeroFox will have no liability for any Customer Infringement Claim to the extent it arises from: (i) Customer’s breach of this Agreement; (ii) Customer Content, Source Content, or other Outside Material; (iii) ZeroFox’s compliance with an Authorized User’s or Customer’s instructions; or (iv) continued use of the Platform after ZeroFox notifies Customer to discontinue use due to a Customer Infringement Claim.  THE FOREGOING STATES ZEROFOX’S ENTIRE LIABILITY AND CUSTOMER’S EXCLUSIVE REMEDIES FOR ANY CLAIM OF INTELLECTUAL PROPERTY RIGHTS INFRINGEMENT OR MISAPPROPRIATION.

33. Indemnification Procedure

A Customer Indemnitee seeking indemnification shall promptly notify ZeroFox, in writing of any Action for which it seeks indemnification and cooperate with ZeroFox at ZeroFox’s expense. ZeroFox shall promptly take control of the defense and investigation of such Action and shall employ counsel of its choice to handle and defend the same, at ZeroFox’s expense. A Customers Indemnitee may participate in and observe the proceedings at its own expense with counsel of its own choice. ZeroFox shall not settle an Action without the Customer Indemnitee’s written consent if such settlement shall require action or payment by Customer Indemnitee.

34. Limitations of Liability

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, EXCEPT AS OTHERWISE PROVIDED IN THIS SECTION 34: (a) IN NO EVENT SHALL EITHER PARTY, ITS AFFILIATES OR THEIR EMPLOYEES, AGENTS, CONTRACTORS, OFFICERS OR DIRECTORS BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING WITHOUT LIMITATION DAMAGES FOR BUSINESS INTERRUPTION, LOSS OF PROFITS, GOODWILL, USE, DATA OR OTHER INTANGIBLE LOSSES ARISING OUT OF OR RELATING TO THIS AGREEMENT; AND (b) IN NO EVENT SHALL EITHER PARTY’S CUMULATIVE AND AGGREGATE LIABILITY UNDER THIS AGREEMENT EXCEED THE FEES PAID TO ZEROFOX BY CUSTOMER OR AUTHORIZED PARTNER, AS APPLICABLE, UNDER THE APPLICABLE ORDER(S) OR SOW(S), INCLUDING PRIOR ORDERS AND SOWs FOR THE SAME SERVICES, IN THE 12 MONTHS PRECEDING THE EVENT GIVING RISE TO THE LIABILITY (THE “CAP”). THE EXCLUSIONS AND LIMITATIONS IN THIS SECTION, INCLUDING THE CAP (COLLECTIVELY, THE “EXCLUSIONS”), APPLY WHETHER THE ALLEGED LIABILITY IS BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR ANY OTHER BASIS, EVEN IF THE NON-BREACHING PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. THE EXCLUSIONS SHALL NOT APPLY TO ZEROFOX’S INDEMNIFICATION OBLIGATIONS UNDER SECTION 32, CUSTOMER’S BREACH OF SECTION 13 OR CUSTOMER’S PAYMENT OBLIGATIONS TO ZEROFOX OR AUTHORIZED PARTNER, AS APPLICABLE.

35. Ordinary Course Providers and Affiliates

ZeroFox’s Platform is a cloud based on-demand service that currently uses commercial hosting services provided by Amazon Web Services, LLC (“AWS”) and other third-party service providers to assist ZeroFox in providing the Platform to the Customer, and not specifically for just the Customer (collectively, “Ordinary Course Providers”). ZeroFox will engage, use, and substitute Ordinary Course Providers and Affiliates as it deems appropriate, but shall remain responsible to Customer for its access to the Platform and the actions and omissions of its Ordinary Course Providers and Affiliates undertaken in connection with this Agreement. For the purposes of this Agreement, providers of Source Platforms and other Outside Material shall not be deemed Ordinary Course Providers.

36. Publicity

Neither Party shall issue or release any announcement, statement, press release or other publicity or marketing materials relating to this Agreement or, unless expressly permitted under this Agreement, otherwise use the other Party’s marks or logos without the prior written consent of the other Party.

37. Force Majeure

Neither Party shall be liable or responsible to the other Party, nor be deemed to have defaulted under or breached this Agreement, for any failure or delay in fulfilling or performing any term of this Agreement, when and to the extent such failure or delay is caused by acts of God; flood, fire or explosion; war, terrorism, invasion, riot or other civil unrest; embargoes or blockades in effect on or after the date of this Agreement; or national or regional emergency including but not limited to a global pandemic (each of the foregoing, a “Force Majeure Event”), in each case, provided the (a) event is outside the reasonable control of the affected Party, (b) affected Party provides prompt notice to the other Party, stating the period of time the occurrence is expected to continue, and  (c) affected Party uses diligent efforts to end the failure or delay and minimize the effects of such Force Majeure Event.

38. Independent Parties; No Third-Party Beneficiaries

The Parties expressly understand and agree that their relationship is that of independent contractors. Nothing in this Agreement shall constitute one Party as an employee, agent, joint venture partner or servant of another. This Agreement is for the sole benefit of the Parties hereto and their respective successors and permitted assigns and nothing herein, express, or implied, is intended to or shall confer on any other person any legal or equitable right, benefit, or remedy of any nature whatsoever under or by reason of this Agreement.

39. Assignment

Each Party may assign this Agreement in connection with any merger, consolidation or reorganization involving such Party (regardless of whether it is a surviving or disappearing entity), or a sale of all or substantially all of a Party’s business or assets relating to this Agreement to an unaffiliated third party.  Subject to the foregoing, neither Party may assign this Agreement, whether by operation of law or otherwise, without the other Party’s prior written consent, and any purported assignment in violation of this Section is void.  This Agreement is binding upon and inure to the benefit of the Parties hereto and their respective permitted successors and assigns.

40. Anti-Corruption and Export Compliance

Each Party shall, in connection with this Agreement:  (a) comply with Applicable Laws relating to anti-bribery and anti-corruption, which may include the US Foreign Corrupt Practices Act of 1977 and the UK Bribery Act 2010; (b) comply with Applicable Laws administered by the U.S. Commerce Bureau of Industry and Security, U.S. Treasury Office of Foreign Assets Control or other governmental entity imposing export controls and trade sanctions (Export Laws”), including designating countries, entities and persons in which it would be unlawful to transact business (“Sanctions Targets”); and (c) not directly or indirectly export, re-export or otherwise provide access to the Platform to a Sanctions Target, or broker, finance or otherwise facilitate any transaction in violation of any Export Laws. Customer represents that it is not a Sanctions Target or prohibited from receiving services pursuant to this Agreement under Applicable Laws, including Export Laws.

41. U.S. Government Customers

The access to the Platform, Professional Services, Documentation and Deliverables are provided to the U.S. Government as “commercial items,” “commercial computer software,” “commercial computer software documentation,” and “technical data” with the same rights and restrictions generally applicable to services, information, and those materials. If Customer or any Authorized User is using the Platform or Professional Services on behalf of the U.S. Government and these terms fail to meet the U.S. Government’s needs or are inconsistent in any respect with federal law, Customer and Customer’s Authorized Users must immediately discontinue such use. The terms listed above are defined in the Federal Acquisition Regulation and the Defense Federal Acquisition Regulation Supplement.

42. Governing Law; Venue

The Parties agree that both the United Nations Convention on Contracts for the International Sale of Goods and the Uniform Computer Information Transaction Act (“UCITA”) are specifically excluded from application to this Agreement. Except to the extent the issue arising under this Agreement is governed by United States federal law, this Agreement shall be governed by and construed and enforced in accordance the applicable governing law, specified below, based on your primary place of business. The courts located in the applicable venue below will have exclusive jurisdiction to adjudicate any dispute arising out of our relating to this Agreement or its formation, interpretation, or enforcement. Each party consents and submits to the exclusive jurisdiction of such courts.

Country of TerritoryGoverning LawJurisdiction and Venue
European Economic Area and United KingdomEnglish LawLondon, England
United States and all other countriesMaryland LawBaltimore, Maryland

43.Miscellaneous

This Agreement, together with all Orders, and SOWs, is the complete and exclusive statement of the agreement between the Parties and supersedes all proposals, RFPs, RFIs, questionnaires and other communications and agreements between the Parties (oral or written) relating to the subject matter of this Agreement. Any terms and conditions of any other instrument issued by Customer in connection with this Agreement which are in addition to, inconsistent with or different from the terms and conditions of this Agreement shall be of no force or effect.  Additionally, this Agreement supersedes: (a) any on-line click-through agreement accepted in connection with accessing the Platform, and (b) any confidentiality, non-disclosure, evaluation or trial agreement previously entered into by the Parties with respect Customer’s or an Affiliate’s evaluation of the Platform or otherwise with respect to any other services.  This Agreement may be modified only by a written instrument duly executed by authorized representatives of the Parties.  The failure of a Party to exercise or enforce any condition, term or provision of this Agreement will not operate as a waiver of such condition, term, or provision. Any waiver by either Party of any condition, term or provision of this Agreement shall not be construed as a waiver of any other condition, term or provision. If any provision of this Agreement is held invalid or unenforceable, the remainder of the Agreement shall continue in full force and effect. The headings in this Agreement are for reference only and shall not affect the interpretation of this Agreement.  For purposes of this Agreement, the words “include,” “includes” and “including” are deemed to be followed by the words “without limitation”; the word “or” is not exclusive; and the words “herein,” “hereof,” “hereby,” “hereto” and “hereunder” refer to this Agreement as a whole.

44. Notices

Notices required or permitted to be given under this Agreement shall be in writing and shall be deemed to be sufficiently given: (a) one (1) business day after being sent by overnight courier to the mailing  address set forth in this Agreement (or the Order or SOW, if different); (b) three (3) business days after being sent by registered mail, return receipt requested to the mailing  address set forth in this Agreement (or the Order or SOW, if different); or (c) one (1) business day after being sent by email to the email address of Customer’s customary point of contact (provided that (i) the sender does not receive a response that the message could not be delivered or an out-of-office reply and (ii) any notice for an indemnifiable Action must be sent by courier or mail pursuant to clause (a) or (b)). Either Party may change its address(es) for notice by providing notice to the other in accordance with this Section.

45. Changes to this Agreement

ZeroFox may update or modify this Agreement from time to time. If a revision meaningfully reduces Customer’s rights, ZeroFox will use reasonable efforts to notify Customer (by, for example, sending an email to the billing contact you designate in the applicable Order or by posting through the Subscription Service). If ZeroFox modifies the Agreement during an Order Term, the modified version will be effective immediately upon the start of the next Renewal Order Term. In this case, if Customer objects to the updated Agreement, as its sole and exclusive remedy, Customer may choose not to renew, including canceling any terms set to auto-renew. For the avoidance of doubt, any Order is subject to the version of the Agreement in effect at the time of the Order.


Exhibit A

Definitions.  Capitalized terms not otherwise defined in this Agreement shall have the respective meanings assigned to them in this Exhibit A. 

“Affiliate” means, with respect to a Party, a business entity that directly or indirectly controls, is controlled by or is under common control with, such Party; “control” means the direct or indirect ownership of more than 50% of the voting securities of a business entity.

“Applicable Laws” means any and all governmental laws, rules, regulations or orders that are applicable to a particular Party’s performance under this Agreement.

“Authorized Partner” a third-party partner, reseller or distributor authorized by ZeroFox to sell (a) subscriptions to customers to use the Platform, or (b) Services to be provided by ZeroFox to customers.

“Authorized User” means an individual employee, agent or contractor of Customer or a Covered Affiliate for whom subscriptions to use the Platform have been purchased pursuant to this Agreement, and who have been supplied user credentials for Platform access by Customer or the Covered Affiliate (or by ZeroFox at Customer’s or a Covered Affiliate’s request).

“Customer Content” means information, data and content originating with Customer (or an Authorized User) that Customer or an Authorized User (a) submits to ZeroFox via the Platform or separately off-line, including Customer-specific configurations and rules, or (b) provides to ZeroFox for the provision of Technical Support or Professional Services.

“Documentation” means policies, user manuals, handbooks, reports, instructions, and guides relating to the Platform and/or Professional Services provided by ZeroFox to Customer.

“Intellectual Property Rights” means any and all registered and unregistered rights granted, applied for, or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection, or other intellectual property rights laws, and all similar or equivalent rights or forms of protection, in any part of the world.

“Malicious Code” means viruses, worms, time bombs, Trojan horses and other harmful or malicious code, files, scripts, agents or programs.

“Order” means a separate written order placed under this Agreement by Customer or a Contracting Affiliate (subject to Section 4) or an Authorized Partner on behalf of Customer.

“Order Term” means, with respect to each Order, the Subscription Term for the Platform Subscription and/or the term during which Professional Services will be provided under an SOW, in each case as specified in the applicable Order and SOW and all Renewal Order Terms, if any.

“Party” means each of ZeroFox and Customer (or any Contracting Affiliate) and “Parties” shall mean each Party together.

“Personal Information” means information relating to an identified or identifiable natural person, such as name and online identifier, that is protected by Applicable Laws with respect to privacy where the individual resides.

“Professional Services” includes implementation, configuration, training, On-Demand Investigations (“ODI”), managed security, Takedown Requests, breach-response services, incident response (IR) services, and other security advisory or consulting services to be provided by ZeroFox that are otherwise not included in the Platform Subscription.

“Sensitive Information” means Personal Information that is subject to specific or heightened requirements under Applicable Law or industry standards, such as government-issued identification numbers, protected health information under U.S. Health Insurance Portability and Accountability Act, nonpublic personal information under the U.S. Gramm-Leach-Bliley Act, cardholder data under the PCI Data Security Standard, and special categories of personal data and personal data relating to criminal offenses under the EU General Data Protection Regulation.

“Service Parameters” means usage criteria or service limitation as specified in the associated Order, such as (a) numbers of business brands, social media accounts or domains eligible for protection through the Platform, (b) Source Platforms and types of Source Content supported under the purchased subscription, and (c) the number of social or web Takedown Requests available.

“Source Content” means data, content or other material available from a Source Platform.

“Source Platform” means an app, site or platform hosted by a third party (or Customer) that allows its users to share and store data, content and other material, such as sites for social networking and microblogging and sites that support blogs, reviews, surveys and comments.  Depending on the applicable Service Parameters, Source Platforms could include, for example, LinkedIn, Facebook and Instagram.

“Subscription Term” means the defined period of time (such as 1, 2 or 3 years) that Customer purchases a right to access and use the Platform.“Takedown Request” means a request submitted by ZeroFox to a Source Platform or other online service provider on Customer’s behalf to remove data, content or other material that violates Applicable Law, infringes Intellectual Property Rights, or otherwise violates applicable Outside ToS.